Thanks Kings, saved! Ian
On 12 Sep 2010, at 13:00, Kingsley Charles <[email protected]> wrote:

> Hi all
>
> Just wanted to throw light on VPDN as a follow up to my previous mail on
> l2tp. I think this mail will be useful for your CCIE preparation.
>
> Following are three l2 tunneling protocols:
>
> L2F (layer 2 forwarding) - Cisco proprietary
> PPTP (Point to point tunneling protocol) - Microsoft proprietary
> L2TP (layer 2 tunneling protocol) - Both Cisco and Microsoft made this with
> the best of l2tp and pptp
>
> L2F uses udp port 1701.
> PPTP uses tcp port 1723 for the control session and GRE for tunneling the data.
> L2TP uses udp port 1701.
>
> None of the above does encryption.
>
> PPTP uses MPPE (Microsoft Point to Point Encryption) for encryption.
> L2TP can be encrypted using IPSec, which is L2TP over IPSec.
>
> The working for all three is the same. A client dials to a NAS (Network Access
> Server) and sends PPP packets to it. The NAS sends the PPP packets to the tunnel
> server using one of the tunneling protocols across the internet.
>
> For each tunneling protocol, the components are the same but the names are
> different:
> Client
> NAS
> Tunneling server
>
> Following are the names used:
>
> Generic Term   | L2F Term     | L2TP Term                      | PPTP Term
> NAS            | NAS          | L2TP access concentrator (LAC) | PPTP access concentrator (PAC)
> Tunnel server  | Home gateway | L2TP network server (LNS)      | PPTP network server (PNS)
>
> VPDNs
>
> VPDN is Virtual Private Dial Network that extends the remote user to a
> private network across the internet. A dial user can use ISDN or an analog modem that
> carries the PPP.
>
> VPDN supports PPPoE, L2TP, PPTP and L2F.
>
> With respect to CCIE Security, the scope is L2TP. But the configuration and
> functionality are almost similar.
>
> L2TP
>
> Client initiated is where the client PC initiates the l2tp tunnel directly to
> the LNS. The LAC doesn't participate in the tunnel negotiation and establishment.
> This is also known as voluntary tunneling.
>
> NAS initiated is where the LAC initiates the l2tp tunnel. This is also known
> as compulsory tunneling.
>
> Working
>
> When the client PC initiates a PPP session to the LAC, the LAC searches VPDN
> groups to see if the PPP packets are from an l2tp user. If yes, the LAC
> initiates the l2tp tunnel to the LNS across the internet.
> The LAC searches the domain name or DNIS (Dialed Number Information Service)
> or multihop name.
>
> You can configure the vpdn search order using the following command on the LAC.
> The default is to search for the DNIS first and then domain-name, if the
> following is not configured:
> "vpdn search-order domain dnis"
>
> DNIS is the ISDN or Analog Modem calling party number.
> Domain name is the domain name that is found along with the username used for CHAP
> or PAP authentication.
>
> You can also use AAA with VPDN.
>
> Multihop tunneling
>
> Multihop tunneling is where l2tp tunnels are cascaded.
>
> Multihop VPDN can be used to configure a router as a tunnel switch. A tunnel
> switch is a device that is configured as both a NAS and a tunnel server. A
> tunnel switch is able to receive packets from an incoming VPDN tunnel and
> send them out over an outgoing VPDN tunnel.
>
> VPDN submode dial commands
>
> accept-dialin : Configures the VPDN on the Tunnel server to accept requests from
> the NAS
>
> accept-dialout : Configures the VPDN on the NAS to accept requests from the Tunnel
> server
>
> request-dialin : Configures the VPDN on the NAS to request tunnel establishment
> to the Tunnel Server
>
> request-dialout : Configures the VPDN on the Tunnel server to request tunnel
> establishment to the NAS
>
> router(config)#vpdn-group king
> router(config-vpdn)#?
> VPDN group configuration commands:
>   accept-dialin             VPDN accept-dialin group configuration
>   accept-dialout            VPDN accept-dialout group configuration
>   default                   Set a command to its defaults
>   description               Description for this VPDN group
>   dsl-line-info-forwarding  Forward DSL Line Info attributes
>   exit                      Exit from VPDN group configuration mode
>   ip                        IP settings for tunnel
>   no                        Negate a command or set its defaults
>   redirect                  Call redirection options
>   request-dialin            VPDN request-dialin group configuration
>   request-dialout           VPDN request-dialout group configuration
>   source                    Configuration source for this vpdn-group
>   source-ip                 Set source IP address for this vpdn-group
>   vpn                       VPN ID/VRF name
>
> With regards
> Kings
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
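Added example (not from Kings' mail) of the NAS-initiated, compulsory case described above: the LAC's request-dialin group brings up the l2tp tunnel for users whose PPP username carries a given domain, and the LNS's accept-dialin group terminates it. The group names, hostnames, domain, addresses and tunnel password are placeholders; the LAC's dial interface configuration is left out.

```text
! ---- LAC (NAS side): request-dialin, NAS-initiated / compulsory tunneling ----
! Assumed names: vpdn-group LAC-TO-LNS, domain example.com, LNS at 192.0.2.1
vpdn enable
! Select the tunnel on the domain part of the PPP username first, then on DNIS
vpdn search-order domain dnis
!
vpdn-group LAC-TO-LNS
 request-dialin
  protocol l2tp
  domain example.com
 initiate-to ip 192.0.2.1
 local name LAC-HOSTNAME
 ! Tunnel authentication: both ends must hold the same secret (placeholder value)
 l2tp tunnel password 0 TUNNEL-SECRET-PLACEHOLDER
!
! ---- LNS (tunnel server side): accept-dialin ----
vpdn enable
!
vpdn-group FROM-LAC
 accept-dialin
  protocol l2tp
  virtual-template 1
 ! Only a LAC presenting this hostname (and the shared secret) may open a tunnel
 terminate-from hostname LAC-HOSTNAME
 local name LNS-HOSTNAME
 l2tp tunnel password 0 TUNNEL-SECRET-PLACEHOLDER
!
! PPP sessions arriving inside the tunnel terminate on this template; CHAP
! authenticates the dial user (the domain in the username only chose the tunnel)
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool L2TP-POOL
 ppp authentication chap
!
ip local pool L2TP-POOL 10.10.10.10 10.10.10.50
!
! As the mail notes, L2TP itself does not encrypt: the PPP payload crosses the
! internet in clear text on UDP 1701. Protect the LAC-LNS path with IPSec
! (L2TP over IPSec) when confidentiality is required.
```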
